online, but without Dropbox being able to read them. I want to selectively share my photos, but without Facebook seeing them. I want to store my files online, but not in a company that could go bankrupt.
• /username/yourfiles • Tree of symmetric keys (TweetNaCl) with cryptographic links between (Cryptree) • Location + Key = cryptographic access token or capability (CAP) • Explicitly don't use convergent encryption!
generationAlgorithm Optional<FilePointer> publicData <== CAP to public data Optional<Cid> followRequestReceiver <== send follow requests Set<Cid> ownedKeys to this key Map<String, Cid> namedOwnedKeys Optional<UserStaticData> staticData <== encrypted CAPs Optional<Cid> champ <=== file system is here!
are 32 random bytes Keyset forms CRDT (grow only set with tombstones) Champ uses identity as hash Cryptree nodes themselves have merkle links to any encrypted fragments for the chunk Values can be made into file specific crdts (inside encryption) Links between different parts of same file or folder are encrypted => directory structure et al not visible to network (Compressed hasharray mapped trie)
have a public boxing key • To send a follow request: create a directory /myname/sharing/friendname • Send a read CAP to this directory encrypted to friend's public key • Shared files are currently vulnerable to a quantum computer • Will move to post-quantum sharing as soon as a clear candidate arrives
CAP encoded in a URL • https:// demo.peergos.net/#Public_writing_Key/Subspace_label/Decryption_Key • e.g. https:// demo.peergos.net/#2bBEyF99hKzU98M6y9H4scSXRza7xreaG7PcuydQKbfpp2DR5g4Y VavRsPw1T1u8qDzkA1pYXrs2KxBbFwQuDge6p1U/8gDZHdxtXXNLTghsUXqWtWUwSG VgjkqJhJYyUfrfMAJe/XpbvAJFoAK1hFNh3CLMgZSZvukLVoc794EXhh9YyGqjf • Material after # is not sent to the server file still isn't exposed to the network → • Can share an individual file or a folder
- video (also support streaming in browser using service workers) - images - audio - text - hex viewer Future: - sandboxed apps which we grant cryptographic capabilities - already have a prototype sandbox: browser + wine + x86 emulator cross compiled to JS – intercept the http requests and interpret as file requests in peergos
Brute force is practically impossible with a good password • Random 14 character alpha-numeric password has ~ 2^84 ~ 10^25 possibilities • A GPU can calculate ~ 1M scrypt hashes/s (measured by litecoin users) • One GPU cracking a single user’s login would take 10^19 seconds or ~ 300 billion years • 300 million GPUs would take 1000 years • GPU purchase cost = 300 billion USD
• Doesn't trust our public server • Doesn't trust the SSL chain Run Peergos on your machine AIR GAP Faraday cage Binary, compiled with 3 different compilers, from signed source
server and front end (varies only on version of javac used) • Do not use npm! Only 8 JS dependencies, all vendored (3 of which are crypto libraries) • Have our own deterministic replacement for webpack, and minifiers • Self host all assets • Most of the client code is written in a type safe language (Java) and cross compiled to JS • Will distribute updates through peergos itself
– done • Use actual IPNS - todo • • Fuse client – done • Security audit – todo • Granting write access – not in UI yet • Private keystore of friends (TOFU) – done Tor integration – todo
Sign up to hear when our alpha is ready (soon): https://peergos.org • Try our demo at https://demo.peergos.net • Read our book: https://peergos.github.io/book • Currently we are a team of 4 contributors •
Retroshare Open source Y N Y Y Y Y Y Self hostable Y N Y Y Y Y Y Data always encrypted at rest Y N N N Y Y N End to end encrypted (Client side encryption) including web browser Y N N N Y N (Gateway does the encryption) N Private keys never leave the client Y N N N Y N N/A Hides friendship graph Y N N N Y N/A Y Per file access control Y Y Y Y Y Y N Concept of file ownership + deletion Y Y Y Y N N Y Can create public links to files Y Y Y Y Y Y Y Can log in on multiple devices Y Y Y Y Y Y N Web interface Y Y Y Y Y N Quantum computer resistant encryption of non shared files Y N N N Y Y N Your files survive if your server self destructs planned N/A N N Y Y N Server written in a type safe language Y N N N Y N N Quantum computer resistant encryption of shared files planned N N N Y Y N Search planned Y Y Y N N Y Native directory sync planned Y Y Y N N Secure Chat planned N N N Y N Y Comparison